Re: [TLS] draft-ietf-tls-dtls-connection-id-07 / IANA connection_id

Benjamin Kaduk <bkaduk@akamai.com> Mon, 27 July 2020 19:03 UTC

Date: Mon, 27 Jul 2020 12:03:36 -0700
From: Benjamin Kaduk <bkaduk@akamai.com>
To: Achim Kraus <achimkraus@gmx.net>
Cc: "tls@ietf.org" <tls@ietf.org>
Message-ID: <20200727190335.GS20623@akamai.com>
References: <ba076bb8-0aff-9847-1667-5fb6528be107@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <ba076bb8-0aff-9847-1667-5fb6528be107@gmx.net>
User-Agent: Mutt/1.9.4 (2018-02-28)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/YIN5u2e68mNDFm6Ybh-Rcwr6eM0>
Subject: Re: [TLS] draft-ietf-tls-dtls-connection-id-07 / IANA connection_id

Hi Achim,

My apologies for the URL mangling by my corporate spam filter.

On Wed, Jul 22, 2020 at 08:53:21AM +0200, Achim Kraus wrote:
> Dear list,
> 
> is there any news about the draft-ietf-tls-dtls-connection-id and the
> IANA registration of the connection_id?
> 
> According to
> https://datatracker.ietf.org/doc/draft-ietf-tls-dtls-connection-id the
> draft expired on April 23, 2020, and according to
> https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
> the assigned value expired on 2020-07-02.

There seems to have been some oversight, as this assignment was not included
in a report of "early allocations assigning in the next 60 days" that was produced
on 2020-06-15.  I have asked IANA to investigate (and indicated that this
extension's allocation should be renewed).

The draft itself is essentially done from the WG's point of view, with just
the two PRs you note left to merge.  It has been waiting for quite some time for
me to perform an AD evaluation and start an IETF Last Call on it; I expect to do
so in the next couple weeks.

Thanks,

Ben

> I am still very interested in this extension; it makes CoAP over DTLS 1.2 a
> very powerful technology for the cloud and NB-IoT.
> 
> Currently two pending threats are discussed, see the PRs in
> https://github.com/tlswg/dtls-conn-id .
> 
> One of the two is in my opinion a general one when using UDP; several
> countermeasures are discussed, including RRC. Let me add that, in my
> opinion, it's also about choosing cid for the right use-case, and not
> generally. That would mostly eliminate the DDoS threat, if the use-case
> doesn't offer an amplification.
> The other one requires in my opinion a remark about not using the option
> of RFC 6347 to generate an alert on invalid MACs, if the cid is used.
> Potentially, if of any interest at all, an additional remark about
> AES-CBC, the CID length and "lucky 13" may be added, though the cid
> changes the 13.
> 
> For me this looks much more like the authors are too busy with other
> work, and not that this draft doesn't make sense anymore. Therefore I
> would appreciate it if the temporary IANA registration for the
> connection_id could be extended by an additional year.
> 
> Best regards
> Achim Kraus
> 
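As an added illustration of the two points raised in the quoted message (demultiplexing by connection ID instead of by peer address, and silently dropping records with a bad MAC rather than answering with an alert), here is a toy DTLS 1.2 CID receiver in Python. It is not code from the draft, from the tlswg repository, or from any implementation. Assumed for the example: the tls12_cid content type value 25, HMAC-SHA256 as a stand-in for the record's integrity protection with no encryption at all, and a simplified MAC header made of the 13 bytes a plain DTLS 1.2 MAC covers plus the CID (the draft defines its own MAC input; this stand-in only shows why the "13" grows by the CID length). The return-routability handling is likewise a sketch: a valid record arriving from a new address is accepted, but the session's send address is not switched until a check succeeds.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumed for this example: tls12_cid content type value (25 is the value
# IANA later assigned; the draft at the time still used a placeholder).
TLS12_CID = 25
TAG_LEN = 32  # HMAC-SHA256 tag; toy integrity-only protection, no encryption


@dataclass
class Session:
    cid: bytes                  # CID we handed out; its length is known locally
    mac_key: bytes
    peer_addr: tuple            # (ip, port) we currently send to
    pending_rrc: bool = False   # a new source address awaits a return-routability check
    bad_mac: int = 0


@dataclass
class CidRecord:
    version: bytes
    epoch: int
    seq: int
    cid: bytes
    payload: bytes              # plaintext || tag


def mac_header(rec: CidRecord, plaintext_len: int) -> bytes:
    """Stand-in MAC header (assumption, not the draft's construction):
    the 13 bytes a plain DTLS 1.2 MAC covers (epoch, seq, type, version,
    length) plus the CID, so the header is 13 + len(cid) bytes."""
    return (rec.epoch.to_bytes(2, "big") + rec.seq.to_bytes(6, "big")
            + bytes([TLS12_CID]) + rec.version + rec.cid
            + plaintext_len.to_bytes(2, "big"))


def parse_cid_record(datagram: bytes, cid_len: int):
    """tls12_cid record: type(1) version(2) epoch(2) seq(6) cid(cid_len) length(2) payload.
    The CID length is not on the wire; the receiver knows the length it issued."""
    hdr = 13 + cid_len
    if len(datagram) < hdr or datagram[0] != TLS12_CID:
        return None
    version = datagram[1:3]
    epoch = int.from_bytes(datagram[3:5], "big")
    seq = int.from_bytes(datagram[5:11], "big")
    cid = datagram[11:11 + cid_len]
    length = int.from_bytes(datagram[11 + cid_len:hdr], "big")
    payload = datagram[hdr:hdr + length]
    if len(payload) != length or length < TAG_LEN:
        return None
    return CidRecord(version, epoch, seq, cid, payload)


def seal(session: Session, epoch: int, seq: int, plaintext: bytes,
         version: bytes = b"\xfe\xfd") -> bytes:
    """Sender side: build a tls12_cid record carrying session.cid (fe fd = DTLS 1.2)."""
    rec = CidRecord(version, epoch, seq, session.cid, b"")
    tag = hmac.new(session.mac_key, mac_header(rec, len(plaintext)) + plaintext,
                   hashlib.sha256).digest()
    payload = plaintext + tag
    return (bytes([TLS12_CID]) + version + epoch.to_bytes(2, "big")
            + seq.to_bytes(6, "big") + session.cid
            + len(payload).to_bytes(2, "big") + payload)


def receive(sessions: dict, src_addr: tuple, datagram: bytes, cid_len: int):
    """Receiver side. Look the session up by CID, never by source address,
    and never answer a MAC failure with an alert: the source address of a
    CID record is unauthenticated, so an alert would be reflected to
    whatever address an attacker wrote into the spoofed datagram."""
    rec = parse_cid_record(datagram, cid_len)
    if rec is None:
        return ("drop", "malformed")
    session = sessions.get(rec.cid)
    if session is None:
        return ("drop", "unknown cid")
    plaintext, tag = rec.payload[:-TAG_LEN], rec.payload[-TAG_LEN:]
    expected = hmac.new(session.mac_key, mac_header(rec, len(plaintext)) + plaintext,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        session.bad_mac += 1
        return ("drop", "bad mac")      # silent discard, no alert record is built
    if src_addr != session.peer_addr:
        # Valid record from a new address: NAT rebinding, or an on-path
        # attacker replaying it. Deliver the data, but keep sending to the
        # old address until a return-routability check to the new one succeeds.
        session.pending_rrc = True
    return ("deliver", plaintext)


if __name__ == "__main__":
    s = Session(cid=b"\x01\x02\x03\x04", mac_key=b"k" * 32, peer_addr=("192.0.2.10", 5684))
    table = {s.cid: s}
    rec = seal(s, 1, 7, b"hello")
    print(receive(table, ("192.0.2.10", 5684), rec, 4))              # ('deliver', b'hello')
    forged = bytearray(rec)
    forged[-1] ^= 1
    print(receive(table, ("198.51.100.7", 4444), bytes(forged), 4))  # ('drop', 'bad mac')
```

The sample addresses and keys are constructed for the demo. The two behaviours worth keeping in mind from this sketch: the session table is keyed by CID, so the same record is accepted whether it arrives from the recorded address or a new one (that is the whole point of the extension for NAT rebinding), and precisely because of that the source address proves nothing, which is why a bad MAC is dropped without any reply and why the old address stays the send target until the new one is checked.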